IT Governance, Risk, and Compliance

“Collectively, the term IT hardware describes all equipment necessary to enable IT services utilization. Yet, each hardware configuration item may have distinct operational characteristics and controls.” Therefore, as with any critical IT development, representatives from information security and IT audit should be considered key project participants. Information security’s primary role in an open source hardware development project is to ensure appropriate safeguarding mechanisms are deployed, whereas IT audit’s primary role is to assure adequate preventive, detective, and/or corrective controls are implemented.

“View Part I of the Open Source Hardware and Software Licensing series here”

Open source IT hardware comprises physical configuration items designed and usually offered under the same terms as other open source products. Utilizing this premise, an open source IT hardware development project can apply similar open source value concepts during construction and deployment of IT infrastructure components. In particular, depending on the approach applied to open source IT hardware development, a hardware engineer can create a digital device customized to the exact needs of the user, even if the demand for the device is limited. Beneficially, information regarding the IT hardware of interest is typically easy to discern. In addition, when an IT hardware design is published as open source, project participants can learn from the root documents, improve on the presented engineering concepts or second-source device development.

In an attempt to control and/or reduce IT costs, many entities have turned to open source development as a preferred alternative method for constructing new products. Open source products can be described as the practices in the development process promoting access to root materials of a forecasted result. Typically, the open source development process removes restrictions on root material distribution and utilization to produce the desired outcome. Most open source licenses allow the source material to be redistributed, without restriction, under the same terms of the original agreement when development work is sub-contracted to a third party. In contrast, proprietary products are licensed under the exclusive legal right of their owner and generally lack transferability.

Generally, cloud computing clients do not own the physical infrastructure, logical infrastructure or applications accessed by authorized personnel. Instead, clients avoid capital expenditures through leasing usage from the third-party provider. Service consumption payment plans are typically based on utilization and/or subscription rates defined in the third-party provider’s business model, where leasing arrangements can reflect block time, remote batch, or timeshare costing techniques. Nevertheless, entities that acquire cloud computing services should employ sound IT service management systems, processes, activities, and tasks to ensure defined QoS as well as financial expectations for selected third-party configurations are fulfilled.

“View Part I of the Service Level Management of Cloud Computing series here”

Commercial cloud computing vendors are expected to meet achievable QoS requirements, and if the entity is vigilant, sign legally binding SLAs promoting expectation fulfillment. To ensure effective SLAs, OLAs must be defined and developed prior to deploying any cloud computing service. These OLAs should cover expectations that assist the entity’s IT organizational structure in services delivery and contractual negotiations.

Commonly, OLA utilization requires explaining how services will be technically delivered to support the SLA(s) in an optimal manner — with provisions for timely updating related to service quality. Consequently, an OLA should specify technical processes in terms meaningful to the cloud computing provider, and can support several SLAs.

SLR recording dictates identifying performance as well as capacity requirements and placing them in an SLM registry. These SLRs can encompass:

Scalability

Maintainability

Reliability

Availability

Performance

Security

During the initial cloud computing acquisition phases, an IT architect should define the QoS measurements for each of the SLRs. Furthermore, an entity’s IT clients should agree on: guidelines for dealing with reported problems that may require extended timeframes to resolve as well as information detailing the impact of problems on business processes, other IT configurations and service users.

To enable SLM, customers as well as internal and external suppliers should be identified and managed. For most service providers, cloud computing infrastructure consists of services delivered through central sites utilizing configured servers, whereby IT services often appear as single access points to clients.

Usually the rapid growth of virtualized resources across multiple domains begets heightened IT service delivery expectations. To reconcile this perspective, management normally insists on increased quality, functionality and ease of use; decreased deployment time; and continuously improving service levels — with multilateral cost containment or abatement.

For the entity’s IT service delivery personnel, business expectations generally translate into providing appropriate SLM of cloud computing. Typically, SLM is considered the primary IT managerial area that ensures promised services are delivered when and where expected at agreed-upon cost. As with most managerial endeavors, there should be a well formulated plan. Consequently, assisting in actualizing expectations for SLM processes is the Service Quality Plan (SQP) addressing specific managerial objectives.

IT assets are complex to manage and continually change due to the nature of technology and changing business requirements. Effective life cycle management of hardware, software licenses and service agreements, as well as permanent and contracted human resources, are critical success factors (CSFs) not only for optimizing the IT cost-base, but also for managing changes, minimizing service incidents and assuring a reliable quality of service (QoS).

As suggested by International Business Machines (IBM), cloud computing enables entities to provision reliable, on-demand services in a flexible and affordable manner; thus, offering the benefits of open standards, scalable systems and service oriented architecture. However, there are potential challenges associated with managing a cloud environment, including:

rapid growth of virtualized resources across multiple domains

linkage of dynamic resources to underlying IT infrastructure

operational monitoring and problem determination across the physical and virtualized infrastructure
